Results 1-10 of 122
Four Dark Corners of Requirements Engineering
ACM Transactions on Software Engineering and Methodology, 1997
Cited by 197 (8 self)
This article shines some light in the "four dark corners," exposing problems and proposing solutions. We show that all descriptions involved in requirements engineering should be descriptions of the environment. We show that certain control information is necessary for sound requirements engineering, and we explain the close association between domain knowledge and refinement of requirements. Together these conclusions explain the precise nature of requirements, specifications, and domain knowledge, as well as the precise nature of the relationships among them. They establish minimum standards for what information should be represented in a requirements language. They also make it possible to determine exactly what it means for requirements engineering to be successfully completed.
How the design of JML accommodates both runtime assertion checking and formal verification
Science of Computer Programming, 2003
Specification and verification challenges for sequential object-oriented programs
 UNDER CONSIDERATION FOR PUBLICATION IN FORMAL ASPECTS OF COMPUTING
Cited by 59 (5 self)
The state of knowledge in how to specify sequential programs in object-oriented languages such as Java and C# and the state of the art in automated verification tools for such programs have made measurable progress in the last several years. This paper describes several remaining challenges and approaches to their solution.
Enhancing the Pre- and Postcondition Technique for More Expressive Specifications
1997
Cited by 41 (10 self)
We describe enhancements to the pre- and postcondition technique that help specifications convey information more effectively. Some enhancements allow one to specify redundant information that can be used in "debugging" specifications. For instance, adding examples to a specification gives redundant information that may aid some readers, and can also be used to help ensure that the specification says what is intended. Other enhancements allow improvements in frame axioms for object-oriented (OO) procedures, better treatments of exceptions and inheritance, and improved support for incompletely-specified types. Many of these enhancements were invented by other authors, but are not widely known. They have all been integrated into Larch/C++, a Larch-style behavioral interface specification language for C++. However, such enhancements could also be used to make other specification languages more effective tools for communication.
Avoiding the Undefined by Underspecification
Computer Science Today: Recent Trends and Developments, number 1000 in Lecture Notes in Computer Science, 1995
Cited by 26 (0 self)
We use the appeal of simplicity and an aversion to complexity in selecting a method for handling partial functions in logic. We conclude that avoiding the undefined by using underspecification is the preferred choice.
Mechanical Derivation and Systematic Analysis of Correct Linear Algebra Algorithms
2006
Cited by 17 (4 self)
We consider the problem of developing formally correct dense linear algebra libraries. The problem would be solved convincingly if, starting from the mathematical specification of a target operation, it were possible to generate, implement and analyze a family of correct algorithms that compute the operation. This thesis presents evidence that for a class of dense linear operations, systematic and mechanical development of algorithms is within reach. It describes and demonstrates an approach for deriving and implementing, systematically and even mechanically, proven correct algorithms. It also introduces a systematic procedure to analyze, in a modular fashion, numerical properties of the generated algorithms.
A structural proof of the soundness of rely/guarantee rules
Journal of Logic and Computation, 2007
Cited by 17 (8 self)
Various forms of rely/guarantee conditions have been used to record and reason about interference in ways that provide compositional development methods for concurrent programs. This paper illustrates such a set of rules and proves their soundness. The underlying concurrent language allows fine-grained interleaving and nested concurrency; it is defined by an operational semantics; the proof that the rely/guarantee rules are consistent with that semantics (including termination) is by a structural induction. A key lemma which relates the states which can arise from the extra interference that results from taking a portion of the program out of context makes it possible to do the proofs without having to perform induction over the computation history. This lemma also offers a way to think about expressibility issues around auxiliary variables in rely/guarantee conditions.
The Science of Deriving Dense Linear Algebra Algorithms
2002
Cited by 16 (8 self)
In this paper we present a systematic approach to the derivation of families of high-performance algorithms for a large set of frequently encountered dense linear algebra operations. As part of the derivation a constructive proof of the correctness of the algorithm is given. The paper is structured so that it can be used as a tutorial for novices. However, the method has been shown to yield new, high-performance algorithms for well-studied linear algebra operations and should also be of interest to the "high priests of high performance."